Brent- IOS device *foo* has authorized a(ny) key with MD5 *C,* an MD5 checksum of
public key *K1*. As stated in the other thread, *foo* only bases authn on if the *checksum* presented key matches *C*. *foo* does not store *K1* locally. It does not use *C* to look up a local *K1*. The only course of action forward, given that ...*interesting* design choice, then is to use the key that the client presents - provided its checksum matches *C*. We agree on that, yes?
Yes.
Alice creates keypair *KP2*, with public key *K2*. Alice then pads junk to *K2*'s *n* until she reaches collision in the wire-packed form with *C,* creating *Blob1*. Let's say Alice had to add 512 bytes to reach collision with *C*.
The key blob is *encoded* , not hashed. base64(x) can never equal base64(y), and therefore cannot collide. !!! My understanding is different, that any colliding hash will match. If pubkey(value) Md5(value) Equals the stored config value, then it approves it.